Hub Protocol: Add API contracts, federation, and security protocols

[Copilot]

The Hub protocol lacked REST API contracts, multi-region federation support, and plugin security infrastructure. This adds complete specifications for managing tenants, plugins, and workspaces at scale.

Changes

API Contracts (api/hub.zod.ts - 960 lines)

Complete HTTP API specifications with request/response schemas:

• Space Management: CRUD + pagination/filtering/sorting
• Tenant Management: Multi-tenancy with isolation levels
• Plugin Registry: Publishing, versioning, search
• License Management: Issuance, validation, revocation
• Composer Service: BOM compilation, build status
• Health Monitoring: System metrics, service status

// Example: Create space with runtime quotas
const request: CreateSpaceRequest = {
  name: 'Sales Team',
  slug: 'sales-team',
  ownerId: 'user_123',
  runtime: {
    isolation: 'shared_schema',
    quotas: { maxUsers: 50, maxStorage: 107374182400, apiRateLimit: 10000 }
  }
};

Federation Protocol (hub/hub-federation.zod.ts - 500 lines)

Multi-region deployment infrastructure:

• Region Modeling: Geographic regions with compliance metadata (GDPR, HIPAA, SOC2)
• Hub Instances: Primary/Secondary/Edge roles with replication configs
• Tenant Placement: Data residency policies with continent/region restrictions
• Replication Jobs: Cross-region sync with conflict resolution strategies
• Edge Locations: CDN integration for plugin/asset distribution

// Example: EU data residency compliance
const placement: TenantPlacementPolicy = {
  tenantId: 'tenant_eu',
  primaryRegion: 'eu-west-1',
  dataResidency: {
    continent: 'EU',
    prohibitedRegions: ['us-east-1'] // No US data
  }
};

Security Protocol (hub/plugin-security.zod.ts - 650 lines)

Supply chain security and dependency management:

• Vulnerability Scanning: CVE/GHSA tracking with severity classification
• Dependency Resolution: Semantic versioning with conflict detection + topological sorting
• SBOM: CycloneDX/SPDX format with hash verification
• Provenance: Build environment, source verification, digital signatures
• Trust Scoring: Multi-dimensional metrics (vendor reputation, security, code quality, community engagement)

// Example: Security scan with zero vulnerabilities
const scan: SecurityScanResult = {
  plugin: { id: 'com.acme.crm', version: '2.0.0' },
  status: 'passed',
  summary: { critical: 0, high: 0, medium: 0, low: 0 }
};

// Trust scoring
const trust: PluginTrustScore = {
  score: 88,
  components: { vendorReputation: 95, securityScore: 90, codeQuality: 85 },
  level: 'trusted',
  badges: ['verified-vendor', 'security-scanned', 'code-signed']
};

Test Coverage

• 30 new tests across 3 test files
• All 3,013 tests passing
• 100% Zod runtime validation + TypeScript type safety

Documentation

• hub-management-example.ts: 900+ lines of working examples
• HUB_PROTOCOL_DEVELOPMENT_PLAN.md: Implementation roadmap (bilingual)
• HUB_PROTOCOL_SUMMARY.md: Executive summary (bilingual)

Original prompt

扫描SPEC中的hub协议，作为objectstack所有租户，插件的统一的云端管理中心，提出具体的改进方案和实开发计划

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
spec	Ready	Preview, Comment	Feb 2, 2026 3:18am

To fix unused imports, remove only the specific identifiers that are not referenced anywhere in the file, leaving the rest of the import structure intact. This avoids any behavior changes while cleaning up the code.

Concretely, in examples/basic/hub-management-example.ts, adjust the @objectstack/spec/api import block: delete CreateTenantRequest, TenantResponse, and PluginResponse from the named import list, keeping formatting and comments for other sections the same. No additional methods, definitions, or imports are required.

In general, to fix an unused import, remove it from the import list (or add code that actually uses it, if it was intended to be used). This keeps the codebase clean and avoids misleading readers about required dependencies.

For this specific file, the best fix without changing functionality is to remove Region from the import list from @objectstack/spec/hub on lines 47–58. No other code changes are needed, as the unused symbol is not referenced elsewhere in the shown snippet. Concretely, in examples/basic/hub-management-example.ts, edit the import block starting at line 45 so that the comment // Federation is followed directly by FederationTopology and TenantPlacementPolicy, omitting Region. No additional methods, imports, or definitions are required.

---

[Copilot]

Pull request overview

This pull request adds comprehensive Hub protocol enhancements to ObjectStack, introducing API contracts, multi-region federation, and plugin security infrastructure for managing tenants, plugins, and workspaces at scale.

Changes:

• Complete REST API specifications for Hub management operations (spaces, tenants, plugins, licenses, composer, health monitoring)
• Multi-region federation protocol supporting global deployments with data residency compliance (GDPR, HIPAA, SOC2)
• Plugin security and supply chain protocols including vulnerability scanning, dependency resolution, SBOM generation, provenance tracking, and trust scoring

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
packages/spec/src/api/hub.zod.ts	Comprehensive Hub API contracts with request/response schemas for all management operations
packages/spec/src/api/hub.test.ts	Test coverage for Hub API protocols
packages/spec/src/api/index.ts	Export Hub API protocols
packages/spec/src/hub/hub-federation.zod.ts	Multi-region federation protocol with regions, hub instances, tenant placement policies, and replication
packages/spec/src/hub/hub-federation.test.ts	Test coverage for federation protocol
packages/spec/src/hub/plugin-security.zod.ts	Plugin security protocol with vulnerability scanning, dependency resolution, SBOM, provenance, and trust scoring
packages/spec/src/hub/plugin-security.test.ts	Test coverage for security protocol
packages/spec/src/hub/index.ts	Export enhanced Hub protocols
examples/basic/hub-management-example.ts	Comprehensive examples demonstrating Hub protocol usage
HUB_PROTOCOL_SUMMARY.md	Executive summary and documentation of Hub protocol enhancements
HUB_PROTOCOL_DEVELOPMENT_PLAN.md	Detailed development plan and implementation roadmap

[Copilot]

Schema property names should use camelCase according to the coding guidelines. The following properties use snake_case instead:

• created_last_30d should be createdLast30d
• published_last_30d should be publishedLast30d
• total_downloads should be totalDownloads
• requests_per_minute should be requestsPerMinute
• avg_response_time should be avgResponseTime
• error_rate should be errorRate

The coding guideline states: "Configuration Keys (TS Props): camelCase (e.g., maxLength, referenceFilters)" while "Machine Names (Data Values): snake_case (e.g., name: 'first_name', object: 'project_task')". These are configuration keys in a TypeScript schema, not machine name data values.

[Copilot]

Example property names should use camelCase to match the schema. The following properties use snake_case instead:

• created_last_30d should be createdLast30d
• published_last_30d should be publishedLast30d
• total_downloads should be totalDownloads
• requests_per_minute should be requestsPerMinute
• avg_response_time should be avgResponseTime
• error_rate should be errorRate

The coding guideline states: "Configuration Keys (TS Props): camelCase (e.g., maxLength, referenceFilters)"

[Copilot]

Test data property names should use camelCase to match the schema. The following properties use snake_case instead:

• created_last_30d should be createdLast30d
• published_last_30d should be publishedLast30d
• total_downloads should be totalDownloads
• requests_per_minute should be requestsPerMinute
• avg_response_time should be avgResponseTime
• error_rate should be errorRate

The coding guideline states: "Configuration Keys (TS Props): camelCase (e.g., maxLength, referenceFilters)"

[Copilot]

Unused imports CreateTenantRequest, PluginResponse, TenantResponse.

[Copilot]

Unused import Region.